Documentation ¶
Index ¶
- Constants
- func Forbidden(w http.ResponseWriter, r *http.Request, username, userSource string, ...) (int, error)
- func MethodIsRo(method string) bool
- func RegisterBackend(name string, plugFactory BackendFactory)
- type APIBackend
- func (backend *APIBackend) AuthenticateUser(r *http.Request) (*User, error)
- func (backend *APIBackend) Cleaner()
- func (backend *APIBackend) CreatePermit(apiResponse *Response) (*Permit, error)
- func (backend *APIBackend) GetDefaultPermit() (*Permit, error)
- func (backend *APIBackend) GetPermit(username string) (permit *Permit, err error)
- func (backend *APIBackend) GetPublicPermit() (*Permit, error)
- func (backend *APIBackend) GetUsername(r *http.Request) (username string, ok bool, err error)
- func (backend *APIBackend) Login(w http.ResponseWriter, r *http.Request, realm string) (bool, int, error)
- func (backend *APIBackend) Name() string
- func (backend *APIBackend) RefreshUserPermit(username string) (*Permit, error)
- type Backend
- type BackendFactory
- type BasicBackend
- func (backend *BasicBackend) GetDefaultPermit() (*Permit, error)
- func (backend *BasicBackend) GetPermit(username string) (*Permit, error)
- func (backend *BasicBackend) GetPublicPermit() (*Permit, error)
- func (backend *BasicBackend) GetUsername(r *http.Request) (username string, authSuccess bool, err error)
- func (backend *BasicBackend) Login(w http.ResponseWriter, r *http.Request, realm string) (bool, int, error)
- func (backend *BasicBackend) Name() string
- type Handler
- type Permit
- type Response
- type Rule
- type TLSBackend
- func (backend *TLSBackend) GetDefaultPermit() (*Permit, error)
- func (backend *TLSBackend) GetPermit(username string) (*Permit, error)
- func (backend *TLSBackend) GetPublicPermit() (*Permit, error)
- func (backend *TLSBackend) GetUsername(r *http.Request) (string, bool, error)
- func (backend *TLSBackend) Login(w http.ResponseWriter, r *http.Request, realm string) (bool, int, error)
- func (backend *TLSBackend) Name() string
- type User
Constants ¶
const ( BackendBasic uint8 = iota BackendAPI BackendTLS BackendBasicName = "basic" BackendAPIName = "api" BackendTLSName = "tls" DefaultIdentifier = "default" PublicIdentifier = "public" )
Backend constants
const ( PermitTypeNo uint8 = iota PermitTypeUser PermitTypeDefault PermitTypePublic )
Permit Types
Variables ¶
This section is empty.
Functions ¶
func Forbidden ¶
func Forbidden(w http.ResponseWriter, r *http.Request, username, userSource string, backend Backend, permitType uint8) (int, error)
Forbidden logs why this request was forbidden and returns http.StatusForbidden
func MethodIsRo ¶
MethodIsRo returns whether the supplied method is a "read only" method.
func RegisterBackend ¶
func RegisterBackend(name string, plugFactory BackendFactory)
RegisterBackend registers a Permission backend for use
Types ¶
type APIBackend ¶
type APIBackend struct { CustomName string Lock sync.RWMutex Users map[string]*User Permits map[string]*Permit DefaultPermit *Permit PublicPermit *Permit UserURL string PermitURL string LoginURL string AddPrefixes []string AddWithoutPrefix bool CacheTime int64 Cleanup int64 }
APIBackend authenticates users and gets permits through an API.
func (*APIBackend) AuthenticateUser ¶
func (backend *APIBackend) AuthenticateUser(r *http.Request) (*User, error)
AuthenticateUser handles authentication via API.
func (*APIBackend) Cleaner ¶
func (backend *APIBackend) Cleaner()
Cleaner periodically cleans up the APIBackend This consists of deleting all timed-out users and permits.
func (*APIBackend) CreatePermit ¶
func (backend *APIBackend) CreatePermit(apiResponse *Response) (*Permit, error)
CreatePermit creates a new permit according to the configuration.
func (*APIBackend) GetDefaultPermit ¶
func (backend *APIBackend) GetDefaultPermit() (*Permit, error)
GetDefaultPermit returns the default permit.
func (*APIBackend) GetPermit ¶
func (backend *APIBackend) GetPermit(username string) (permit *Permit, err error)
GetPermit returns the user permit of a user.
func (*APIBackend) GetPublicPermit ¶
func (backend *APIBackend) GetPublicPermit() (*Permit, error)
GetPublicPermit returns the public permit.
func (*APIBackend) GetUsername ¶
GetUsername authenticates and returns a username, if successful.
func (*APIBackend) Login ¶
func (backend *APIBackend) Login(w http.ResponseWriter, r *http.Request, realm string) (bool, int, error)
Login redirects to the configured login URL.
func (*APIBackend) Name ¶
func (backend *APIBackend) Name() string
Name returns the name of the backend.
func (*APIBackend) RefreshUserPermit ¶
func (backend *APIBackend) RefreshUserPermit(username string) (*Permit, error)
RefreshUserPermit gets the Permit of an already authenticated user via API.
type Backend ¶
type Backend interface { GetUsername(r *http.Request) (username string, authSuccess bool, err error) GetPermit(username string) (*Permit, error) GetDefaultPermit() (*Permit, error) GetPublicPermit() (*Permit, error) Login(w http.ResponseWriter, r *http.Request, realm string) (bool, int, error) Name() string }
Backend is an interface for adding backend plugins
func NewAPIBackend ¶
func NewAPIBackend(c *caddy.Controller, now int64) (Backend, error)
NewAPIBackend creates a new APIBackend.
func NewBasicBackend ¶
func NewBasicBackend(c *caddy.Controller, now int64) (Backend, error)
NewBasicBackend creates a new BasicBackend.
func NewTLSBackend ¶
func NewTLSBackend(c *caddy.Controller, now int64) (Backend, error)
NewTLSBackend create a new TLSBackend.
type BackendFactory ¶
type BackendFactory func(c *caddy.Controller, now int64) (Backend, error)
BackendFactory creates a plug
func GetFactory ¶
func GetFactory(name string) BackendFactory
GetFactory returns the factory for the given backend name
type BasicBackend ¶
type BasicBackend struct { Users map[string]string Permits map[string]*Permit DefaultPermit *Permit PublicPermit *Permit }
BasicBackend is a permission backend that uses HTTP Basic Authentication and static users and rules.
func (*BasicBackend) GetDefaultPermit ¶
func (backend *BasicBackend) GetDefaultPermit() (*Permit, error)
GetDefaultPermit returns the default permit.
func (*BasicBackend) GetPermit ¶
func (backend *BasicBackend) GetPermit(username string) (*Permit, error)
GetPermit returns the user permit of a user.
func (*BasicBackend) GetPublicPermit ¶
func (backend *BasicBackend) GetPublicPermit() (*Permit, error)
GetPublicPermit returns the public permit.
func (*BasicBackend) GetUsername ¶
func (backend *BasicBackend) GetUsername(r *http.Request) (username string, authSuccess bool, err error)
GetUsername authenticates and returns a username, if successful.
func (*BasicBackend) Login ¶
func (backend *BasicBackend) Login(w http.ResponseWriter, r *http.Request, realm string) (bool, int, error)
Login returns "401 Authentication Required"
func (*BasicBackend) Name ¶
func (backend *BasicBackend) Name() string
Name returns the name of the plug.
type Handler ¶
type Handler struct { Next httpserver.Handler Backends []Backend ReadParentPath bool RemovePrefix string Realm string SetBasicAuth string SetCookies [][]string }
Handler (Permission Handler) is an authentication and authorization middleware
func NewHandler ¶
func NewHandler(c *caddy.Controller, now int64) (*Handler, error)
NewHandler creates a new Handler from configuration
func (*Handler) CheckPermits ¶
CheckPermits checks permissions of a request
type Permit ¶
Permit holds permissions and their expiration time.
type Rule ¶
Rule holds permission information related to a specific path
func NewRule ¶
NewRule creates a new permission rule with the given concatenated method string and path
func (*Rule) MatchesMethod ¶
MatchesMethod checks if the permission matches the given HTTP method.
func (*Rule) MatchesParentPath ¶
MatchesParentPath checks if the HTTP request path is a parent of the permission rule path.
func (*Rule) MatchesPath ¶
MatchesPath checks if the permission rule matches the given HTTP request path.
type TLSBackend ¶
type TLSBackend struct { }
TLSBackend uses TLS client certificates for authentication.
func (*TLSBackend) GetDefaultPermit ¶
func (backend *TLSBackend) GetDefaultPermit() (*Permit, error)
GetDefaultPermit returns nothing, as TLSBackend does not support permits.
func (*TLSBackend) GetPermit ¶
func (backend *TLSBackend) GetPermit(username string) (*Permit, error)
GetPermit returns nothing, as TLSBackend does not support permits.
func (*TLSBackend) GetPublicPermit ¶
func (backend *TLSBackend) GetPublicPermit() (*Permit, error)
GetPublicPermit returns nothing, as TLSBackend does not support permits.
func (*TLSBackend) GetUsername ¶
GetUsername authenticates and returns a username, if successful.
func (*TLSBackend) Login ¶
func (backend *TLSBackend) Login(w http.ResponseWriter, r *http.Request, realm string) (bool, int, error)
Login is currently disabled for TLSBackend.
func (*TLSBackend) Name ¶
func (backend *TLSBackend) Name() string
Name returns the name of the plug.